ekohl
commented
3 years ago I'm trying to figure out the behavior if the parameter is not specified on older versions but it's not entirely clear to me. It looks like it may default to /dev/random but I can't quite find it out. It also looks like it may not matter on modern kernels but most distros don't include kernel 5.6. Those that do are more likely to also ship a bind that doesn't accept the parameter.
Do you happen to know if it defaults to /dev/random or /dev/urandom if not passed?
For what it's worth, this was already present in the first commit (17794329beedfe1af4b3a7074a935cf0ddeaece4) which copied zleslie's dns module. Back in 2012 using /dev/random could be very slow and /dev/urandom was much better for most use cases.
karelyatin
With https://github.com/isc-projects/bind9/commit/3a4f820d625c214cfb21f5e6d18ce9160d2a193b -r option is removed in confgen command, so now if -r /dev/urandom is passed to the command then it fails due to fatal("The -r option has been deprecated.").
I see it's used at two place in puppet-dns code:-
Also looks this parameter is not mandatory in earlier bind versions and confgen works without it too, but may be it was passed for some use case, Anyway it would be good to get it fixed for bind-9.13.0+.
Faced this while testing with bind-9.16.11 on a CentOS9 machine.